See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/331231590

Combining PIN and Biometric Identifications as Enhancement to User

Authentication in Internet Banking

Presentation · November 2018

DOI: 10.13140/RG.2.2.21713.97123

CITATIONS READS

0 332

3 authors:

Cherinor Umaru Bah Afzaal Seyal

2 PUBLICATIONS   0 CITATIONS   
Universiti Teknologi Brunei
81 PUBLICATIONS   1,102 CITATIONS   
SEE PROFILE
SEE PROFILE

Umar Yahya
Islamic University in Uganda (IUIU)
7 PUBLICATIONS   4 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Wearable Monitoring Frameworks for the Elderly and Children View project

Wearable Assistive Tools for the Physically Disabled View project

All content following this page was uploaded by Umar Yahya on 07 March 2019.

The user has requested enhancement of the downloaded file.

 Combining PIN and Biometric Identifications as Enhancement to
User Authentication in Internet Banking
Cherinor Umaru Bah1,*, Afzaal Hussain Seyal1, Umar Yahya2
{M20171042@student.utb.edu.bn, afzaal.seyal@utb.edu.bn, umar.yahya@ieee.org}
1
School of Computing and Informatics, Universiti Teknologi Brunei, Brunei
2
Motion Analysis Lab, Faculty of Science, Universiti Brunei Darussalam, Brunei
*Corresponding author
Abstract
Internet banking (IB) continues to face security concerns
arising from illegal access to users’ accounts. Use of personal
identification numbers (PIN) as a single authentication
method for IB users is prone to insecurities such as phishing,
hacking and shoulder surfing. Fingerprint matching (FPM) as
an alternative to PIN equally has a downside as fingerprints
reside on individual mobile devices. A survey we conducted
from 170 IB respondents of 5 different banks in Brunei
established that majority (65%) of them preferred use of
biometric authentication methods. In this work, we propose a
two-level integrated authentication mechanism (2L-IAM). At
the first level, the user logs in to their IB portal using either
PIN or FPM. At the second level, user is authenticated by
means of face recognition (FR) should they initiate a
transaction classified as sensitive. The merits of the
introduced 2L-IAM are 3-fold: - (1) FR guarantees the
identity of the rightful user irrespective of the login device;
(2) By classifying banking products’ sensitivity, the sensitive
transactions are more effectively secured; (3) It is
accommodative of different users’ authentication preferences.
Adoption of this framework could thus improve both users’
and banks’ experiences in terms of enhanced security and
service delivery respectively.
Keywords: Internet Banking; User Authentication; PIN;
fingerprint; face recognition
1 Introduction
Internet Banking (IB) has grown tremendously over the years
as banking institutions strive to compete in a growing
technological age in which customer convenience, security
and cost minimization are among the crucial success
factors[1-2]. In a typical IB portal, authenticated users can
view their account balances, retrieve a list of recent
transactions, transfer funds between accounts, pay utility bills,
among several other online transactions[3]. It is, however, a
growing challenge that IB continues to face evolving security
challenges characterised by data compromise, phishing,
hacking, and several more [4]. These prevalent challenges
require banking institutions to continuously work towards the
enhancement of user authentication mechanisms in IB
environments[5]. The decades’ long means of authentication
View publication stats
such as passwords, personal identification numbers (PINs),
and tokens no longer are able to keep up with the advanced
tools and techniques used by hackers and fraudsters to gain
illegal access to customers IB portals[6-8].
Biometric authentications which verify users based on their
physiological attributes such as finger-prints, face and voice
recognition, and behavioural characteristics such as, gesture,
keystrokes, and gait are increasingly becoming the preferred
authentication mechanism today [9-11]. IB and financial
technology experts have even predicted that in the future,
biometrics will replace the traditional electronic payment
authentication method [12-13].
Basing on both the strength and weaknesses of both biometric
and non-biometric authentications [6-14], we hypothesize that
using a biometric fingerprint as well as facial recognition in
combination with the other traditional methods such as
passwords, PINs, and tokens would outperform the existing
user authentication methods. Our hypothesis is on the basis
that biometrics too possess some limitations which sometimes
make the performance of one single modality insufficient in
terms of universality, accuracy and distinctiveness [14-16]. In
order to overcome these limitations, multi-biometric is
increasingly attracting the interest of researchers with the
main purpose of overcoming mono-modal biometric systems
[17].
This work proposes a two-level integrated authentication
mechanism (2L-IAM) that will use Personal Identification
(PIN) or Fingerprint (FP) at the first level and at the second
level the user is authenticated by means of Face Recognition
(FR) should they attempt to perform any actions or
transactions classified as sensitive by their bank. The
rationale of the proposed 2L-IAM is that a second level
authentication by means of FR guarantees the true identity of
the rightful IB user. Additionally, banks would be able to
decide and effectively categorise online transactions requiring
additional authentication before being executed by their IB
users. Therefore it was anticipated that the proposed 2L-IAM
would offer enhanced user experience for both IB users and
service providers (i.e banks) in the form of improved security,
flexibility, recognising user authentication preferences and
convenience as highlighted in [2-5].
2 Methods
2.1 Survey conducted